eWEEK IT Science: Moving from Reactive to Proactive Fintech Security

eWEEK IT SCIENCE RESOURCE ARTICLE: eSentire’s MDR package provides Wetherby Asset Management a much-needed layer of technical defense as a backstop for the company’s cybersecurity awareness initiative.


Here is the latest article in an eWEEK feature series called IT Science, in which we look at what actually happens at the intersection of new-gen IT and legacy systems.

Unless it’s brand new and right off various assembly lines, servers, storage and networking inside every IT system can be considered “legacy.” This is because the iteration of both hardware and software products is speeding up all the time. It’s not unusual for an app-maker, for example, to update and/or patch for security purposes an application a few times a month, or even a week. Some apps are updated daily! Hardware moves a little slower, but manufacturing cycles are also speeding up.

These articles describe new-gen industry solutions. The idea is to look at real-world examples of how new-gen IT products and services are making a difference in production each day. Most of them are success stories, but there will also be others about projects that blew up. We’ll have IT integrators, system consultants, analysts and other experts helping us with these as needed.

Today’s Topic: Moving from Reactive to Proactive Fintech Security

Name the problem to be solved: Founded in 1990, Wetherby Asset Management is a portfolio management and wealth planning company with more than $5 billion in assets under management. Wetherby was struggling to keep up with the rapid changes within the information security space. The company outsourced most of its technology services, but without the internal resources to highlight issues that needed attention, the service providers were mostly reactive. And the outdated infrastructure offered no network visibility, limiting threat intelligence.

In addition, Wetherby lacked formalized security policies, procedures and best practices for employees. The company needed to overhaul its approach to security; otherwise, a successful cyberattack was inevitable. To reduce risk with only limited resources, Wetherby would need a clear understanding of the existing security threat landscape and buy-in from senior management.

Describe the strategy that went into finding the solution: A selection committee was assembled, composed of internal representation from the Technology, Compliance and Operations teams. Because some members of the team did not possess background knowledge of information security fundamentals, some internal training and awareness was provided to align the team in understanding what the objectives were. The solution selection criteria included consideration for solution capability, initial and ongoing cost, vendor reputation and integration points. The team assessed three solutions from different vendors, which involved demos and customer reference calls. Using a scoring mechanism based on the selection criteria, the team quickly eliminated one vendor from consideration. eSentire was ultimately selected due to its advanced behavioral analysis capability, as well as for its focus on the financial services industry.

List the key components in the solution: Wetherby chose to deploy eSentire Managed Detection and Response, a 24/7 monitoring service that identifies and contains threats. The principal component of this service deployed was esNETWORK, a zero-latency IPS/IDS designed to provide full network visibility, eliminating attack blind spots that traditional technologies miss. It auto-detects and responds to known and unknown threats with:

  • real-time blocking of IOCs, signatures and previously unseen attacks, including phishing, malware, ransomware and botnets;
  • an extensive, proprietary rules library covering 40+ threat categories; and
  • highly customizable rules and policies, including executable white lists, geo-IP and blocking access to specific sites.

In addition, eSentire’s analysts in the Security Operations Center (SOC) provide expert help with emerging security issues of which the organization needs to be aware.

Describe how the deployment went, perhaps how long it took, and if it came off as planned: The deployment of eSentire services was properly managed by the eSentire project team and went as planned. Expectations for timeline and internal involvement were set early in the process and helped make sure there were no surprises along the way. From beginning to end, the implementation took approximately six weeks. After the hardware was received and installed by internal resources, the eSentire team took over remote configuration and started a three-week behavioral baseline analysis. Once the network traffic baseline was complete, the system was switched over to an active mode, enabling it to start disrupting unwanted or suspicious network activity.

Describe the result, new efficiencies gained, and what was learned from the project: Alerts are now configured for events such as remote desktop connections and SSH sessions, which provides Wetherby with the data needed to understand what is happening in its environment, as well as to support new security policies.

eSentire’s MDR gives Wetherby a much-needed layer of technical defense as a backstop for the company’s cybersecurity awareness initiative. If an employee forgets his/her training and clicks on a malicious link in an email or tries to open an infected file, MDR can find out what page the malicious code contacted and what payload it tried to download.

Wetherby also replaced an entire cybersecurity program with eSentire’s Managed Vulnerability Service, which provides comprehensive risk identification and prioritization with unmatched accuracy across traditional enterprise IT assets. Before this, Wetherby had commissioned annual penetration tests from a consultancy.

With an expert security team monitoring every network packet, eSentire’s protection has stopped significant cyberattacks on the organization. For instance, on Dec. 31, 2018, attackers began a sustained 12-hour brute force attack on the company. The SOC alerted Wetherby via email that a sustained attack was coming from several European countries. Wetherby blocked traffic from those countries for the duration of the attack so it could revisit that traffic later. 

During Wetherby’s next quarterly phone review with eSentire, they reviewed the incident for greater clarity. eSentire also provides regular reports that include useful statistics that demonstrate to management the need for focused security investments.

Describe ROI, carbon footprint savings, and staff time savings, if any: Had Wetherby built an in-house solution, rather than partner with eSentire, it would likely be spending 2.5 times the cost for similar capability, but with the added risk of eventual employee attrition.

If you have a suggestion for an eWEEK IT Science article, email [email protected].